CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,290 vulnerabilities with CWE-22
CVE-2013-1627
Indusoft Web Studio & Advantech Studio <=7.0 - Unauthenticated Path Traversal via NTWebServer.exe
CVE-2013-0911
Google Chrome <25.0.1364.152 - Path Traversal
CVE-2013-0895
Google Chrome <25.0.1364.97-25.0.1364.99 - RCE
CVE-2013-0705
LSI 3ware Disk Manager <3 - Path Traversal
CVE-2013-0262
Rack 1.4.x < 1.4.5 and 1.5.x < 1.5.2 - Path Traversal via PATH_INFO Environment Variable
CVE-2013-0653
GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01-8.0 - Path Traversal via WebView CimWeb Substitute.bcl
CVE-2013-0831
Google Chrome <24.0.1312.52 - Path Traversal
CVE-2012-10061 HIGH
Sockso Music Host Server <=1.5 - Path Traversal
CVE-2012-10054 CRITICAL
Umbraco CMS < 4.7.1 - Unauthenticated Remote Code Execution via codeEditorSave.asmx SaveDLRScript Path Traversal
CVSS 9.8
CVE-2012-10048 HIGH
Zenoss Core 3.x - Command Injection
CVE-2012-10034 HIGH
ClanSphere 2011.3 - Local File Inclusion
CVSS 7.5
CVE-2012-10024 HIGH
XBMC/Media Center < 11.0 - Authenticated Path Traversal via HTTP Server URI
CVE-2012-6664 CRITICAL
Distinct Intranet Servers <3.10 - Path Traversal
CVSS 9.1
CVE-2012-3337 MEDIUM
IBM InfoSphere Guardium 8.0, 8.01, 8.2 - Path Traversal via URL Request
CVSS 5.3
CVE-2012-6609 HIGH
Polycom HDX Video End Points < 3.0.4 and UC APL < 2.7.1.j - Path Traversal via a_getlog.cgi name Parameter
CVSS 7.5
CVE-2012-6652 CRITICAL
Page Flip Book - Path Traversal via pageflipbook_language Parameter
CVSS 9.8
CVE-2012-6665
phpmoneybooks 1.0.4 - Path Traversal via File Parameter
CVE-2012-1669
phpmoneybooks < 1.0.2 - Path Traversal via Module Parameter
CVE-2012-5242
Banana Dance <B.2.6 - Path Traversal
CVE-2012-6651
Vitamin < 1.0.0 - Path Traversal via Path Parameter
CVE-2012-3521
GeSHi < 1.0.8.11 - Path Traversal via CSSGen Contrib Module Parameters
CVE-2012-4915
Google Doc Embedder <2.5.4 - Path Traversal
CVE-2012-4920
Zingiri Forum <1.4.4 - Path Traversal
CVE-2012-5641
Apache CouchDB < 1.0.4, 1.1.x < 1.1.2, 1.2.x < 1.2.1 - Path Traversal via MochiWeb Partition2 Function
CVE-2012-5192
bitweaver < 2.8.1 - Path Traversal via overlay_type Parameter